Main Content

How does your browser find out about itself?

Archive - Originally posted on "The Horse's Mouth" - 2011-01-11 23:44:06 - Graham Ellis

• Does this browser accept Cookies?
• Does this browser accept Flash?
• What processor chip type is in the computer hosting this browser?
• Will this browser run Java Applets?
• How wide is my window?

The answer ... if Javascript is enabled, which it usually is these days, is "via Javascript".

Javascript's navigator object contains the answers to four out of the five questions above - there's a source code example [here] and you can run that example [here].

The Window width (and other things about the document that's displayed within the browser) are in the document object; see [here] for the source of an example, and run it [here].

The questions I started with is "What is my IP address", and I've yet to find a full and proper answer to that one.

I can actually find out the IP address that the server sees me arriving from via PHP, looking at the $_SERVER["REMOTE_ADDR"] variable, and writing an AJAX query. But that reports the IP address from the server's perspective, and not the IP address that's being used on our internal network behind our router. In other words, I'm connected to my local network at the moment as "192.168.200.199", but that's rewritten to "82.33.81.79" when I connect out to the Internet. My server reports back 82.33.81.79, but I really want to know in my browser that I'm at 192.168.200.199.

I'm rather afraid that the answer I'm going to come up with is that I can't easily find my local IP address; JavaScript is sandboxed for security reasons, so I'm not going to be able to have it run a local operating system command and return the results, nor am I going to be able to read a file that I leave on the disc of each local machine. Calling up a local server within the page via Javascript seems attractive, but again I find myself facing cross-site scripting issues. It appears that there *are* techniques around - such as JSONP and CORS - which would let my page call up a local server as well as the remote one, but that's a fudge which relies on me someone opening a security hole (see Cross site Scripting, and I think the wise decision would be for me to look for a cleaner work around to meet my original requirement.